Skip to content

CVPN-1445 Add ML-KEM group #645

CVPN-1445 Add ML-KEM group

CVPN-1445 Add ML-KEM group #645

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request: null # target every PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref_name != 'main' }}
jobs:
ci:
needs: [earthly, coverage]
runs-on: ubuntu-latest
if: always()
steps:
- shell: bash
run: |
[[ $(echo '${{ toJSON(needs) }}' | jq 'map(select(.result != "success")) | length == 0') == 'true' ]] || exit 1
earthly:
strategy:
fail-fast: false
matrix:
target: [run-tests, build-release, fmt, lint, check-dependencies]
runs-on: ubuntu-latest
env:
EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}"
FORCE_COLOR: 1
steps:
- uses: earthly/actions-setup@v1
with:
version: v0.8.3
github-token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v4
with:
submodules: true
- name: Run +${{ matrix.target }} on Earthly satellite
run: earthly --ci --org expressvpn --satellite wolfssl-rs +${{ matrix.target }}
coverage:
runs-on: ubuntu-latest
env:
EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}"
FORCE_COLOR: 1
steps:
- uses: earthly/actions-setup@v1
with:
version: v0.8.3
github-token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v4
with:
submodules: true
- name: Run +run-coverage on Earthly satellite
id: coverage
run: |
earthly --ci --org expressvpn --satellite wolfssl-rs --artifact +run-coverage/* output/
cat output/summary.txt
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "summary<<$EOF" >> "$GITHUB_OUTPUT"
cat output/summary.txt >> "$GITHUB_OUTPUT"
echo "" >> "$GITHUB_OUTPUT"
echo "$EOF" >> "$GITHUB_OUTPUT"
- uses: actions/upload-artifact@v4
with:
name: coverage
path: output/html
if-no-files-found: error
- name: Check coverage
id: coverage-check
run: |
REGIONS_SOFT_THRESHOLD=50
REGIONS_HARD_THRESHOLD=40
LINES_SOFT_THRESHOLD=65
LINES_HARD_THRESHOLD=60
regions_coverage=$(jq '.data[].totals.regions.percent | floor' output/coverage.json)
lines_coverage=$(jq '.data[].totals.lines.percent | floor' output/coverage.json)
echo "Regions: $regions_coverage% (soft: $REGIONS_SOFT_THRESHOLD%, hard: $REGIONS_HARD_THRESHOLD%)"
echo "Lines: $lines_coverage% (soft: $LINES_SOFT_THRESHOLD%, hard: $LINES_HARD_THRESHOLD%)"
FAILED=false
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "text<<$EOF" >> "$GITHUB_OUTPUT"
if [[ $regions_coverage -lt $REGIONS_HARD_THRESHOLD ]] ; then
echo ":x: Region coverage $regions_coverage% below hard threshold $REGIONS_HARD_THRESHOLD%" >> "$GITHUB_OUTPUT"
FAILED=true
elif [[ $regions_coverage -lt $REGIONS_SOFT_THRESHOLD ]] ; then
echo ":warning: Region coverage $regions_coverage% below soft threshold $REGIONS_SOFT_THRESHOLD%" >> "$GITHUB_OUTPUT"
else
echo ":white_check_mark: Region coverage $regions_coverage% passes" >> "$GITHUB_OUTPUT"
fi
if [[ $lines_coverage -lt $LINES_HARD_THRESHOLD ]] ; then
echo ":x: Line coverage $lines_coverage% below hard threshold $LINES_HARD_THRESHOLD%" >> "$GITHUB_OUTPUT"
FAILED=true
elif [[ $lines_coverage -lt $LINES_SOFT_THRESHOLD ]] ; then
echo ":warning: Line coverage $lines_coverage% below soft threshold $LINES_SOFT_THRESHOLD%" >> "$GITHUB_OUTPUT"
else
echo ":white_check_mark: Line coverage $lines_coverage% passes" >> "$GITHUB_OUTPUT"
fi
echo "$EOF" >> "$GITHUB_OUTPUT"
echo "Setting output: failed: $FAILED"
echo "failed=$FAILED" >> "$GITHUB_OUTPUT"
- uses: jwalton/gh-find-current-pr@v1
id: find-pr
with:
state: open
- name: Find Coverage Comment
if: steps.find-pr.outputs.number
uses: peter-evans/find-comment@v3
id: coverage-comment
with:
issue-number: ${{ steps.find-pr.outputs.number }}
comment-author: 'github-actions[bot]'
body-includes: 'Code coverage summary'
- name: Create or update comment
if: steps.find-pr.outputs.number
uses: peter-evans/create-or-update-comment@v4
with:
comment-id: ${{ steps.coverage-comment.outputs.comment-id }}
issue-number: ${{ steps.find-pr.outputs.number }}
body: |
[Code coverage summary](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for ${{ github.sha }}:
```
${{ steps.coverage.outputs.summary }}
```
${{ steps.coverage-check.outputs.text }}
edit-mode: replace
- name: Coverage check fails
if: steps.coverage-check.outputs.failed == 'true'
run: exit 1